Privacy Notice

PRIVACY NOTICE (EFFECTIVE DATE: OCTOBER 4, 2018)

I. Introduction. Your privacy is important. This Privacy Notice (the “Privacy Notice,”) together with its addendums, our Terms of Use and any other documents referred to in this Privacy Notice or the Terms of Use explains how we comply with applicable privacy requirements and sets out minimum standards for how we deal with all personal data that we collect from you, or that you provide to us including via this website and any other websites or applications of Frank Recruitment Group Services Limited and its affiliates (collectively, the “Websites”). Frank Recruitment Group Services Limited and our affiliates (collectively, “we,” “us,” “our,” or “FRG”) include Nigel Frank International Limited, Mason Frank International Limited, Frank Recruitment Group UK Services Limited, Frank Recruitment Group Services USA Ltd., Frank Recruitment Group Inc., Frank Recruitment Group Services Inc., Frank Recruitment Group Private Limited (Singapore), Frank Recruitment Group Pty Limited (Australia), Frank Recruitment Group GmbH and businesses operated by our group under the brand names including Nigel Frank, Mason Frank, Nelson Frank, Jefferson Frank, Churchill Frank, Anderson Frank, Pearson Frank, Washington Frank, FRG Technology Consulting, Gulfjob Market and Dynamic Jobs.

If you want to contact FRG or any of its group companies, please click here.

This Privacy Notice sets out the basis on which we collect, store, use and disclose personal data we receive in writing, through our Websites, or through the recruitment services that we provide. It therefore applies to personal data that you provide to FRG telephonically, electronically (including email) and in person.

This information may be updated from time to time, and should be read in the context of any additional specific information such as that provided in privacy policies applicable to specific businesses or local areas as displayed on the relevant Website or distributed to you from time to time.

This Privacy Notice also informs you how we obtain and use information gained by us through your use of the Websites, including by using “cookies” and third party vendors.

Please read the following carefully to understand our views and practices regarding your personal data, how we will treat it and your rights. You can contact FRG’s Chief Privacy Officer (“CPO”) by emailing privacy@frankgroup.com.

This Privacy Notice applies to FRG globally. The first part of the policy is general and applies globally. The second of the Privacy Notice is comprised of country-specific addendums. Please be sure to check the addendums below to see if there is one that applies to your country. In the event of a conflict between the general part of this Privacy Notice and an addendum, the addendum prevails.

II. Who are we?

FRG is a global niche technology recruitment company that operates under the brands listed above. FRG offers recruitment services for permanent hiring and contract or temporary services.

III. Who does this Privacy Notice protect?

This Privacy Notice protects individuals throughout the world who access our Websites or receive recruitment services from us. In addition to candidates who are looking for a new or different job or career, this also includes individuals who are employed by an actual, former or prospective FRG client. An FRG client is one of (a) a business that FRG has contracted with to provide recruitment services or is in the process of doing so, (b) a business that FRG may solicit with the intention of providing recruitment services or (c) a business to whom FRG may provide relevant IT market information.

IV. What information will we collect?

Some of the data that we collect and receive from you is personal data which means that it is information that could personally identify you (“Personal Data” or “PII”). The Personal Data that we may collect from all users of our Websites and users of our recruitment services may include any of the following:

Name;

Contact details e.g. street address, email address, telephone number;

Work Experience;

Job Title;

Professional Certifications;

Education & Qualifications;

Skills;

Career History;

Salary Range;

Right to work status \ citizenship;

Other information relevant to help us provide recruitment services;

References from past employers; and

IP address

For Contract Candidates Only (individuals who are employed by, consult with and/or own an entity recruited by FRG to provide contract or temporary technical professional services to an FRG client (or an FRG client’s client))

In addition to the Personal Data listed above, FRG may collect the following from you:

Tax details and proof of payment and submission;

Commercial insurance information; and

Bank and payment details.

While this information may relate to your company or your employer rather than being your Personal Data, we have listed this information for transparency.

If your provision of Personal Data to FRG is necessary to enter into a contract with your company or your employer, your failure to provide us with accurate Personal Data may result in FRG not being able to offer or render recruitment services to you, your company or your employer.

V. Why do we process your Personal Data?

Generally, we use your Personal Data for our business and activities, and in our efforts to expand and improve our business. Examples include:

To assess data about you against vacancies which we judge may be suitable for you;

To enable you to submit your CV/resume to FRG, apply online (including through the Websites) for jobs or to subscribe to alerts about jobs we think may be of interest to you;

To enable us to develop and market other products and services and where you have consented to being contacted for such purposes;

To improve our customer service and to make our services more valuable to you (including tailoring the Websites when you log on to enrich your personal online experience);

To send you electronically or by post surveys, reports, FRG event details, promotions, offers, networking and client events and general information about relevant industry sectors which we think might be of interest to you, where you have consented to being contacted for such purposes (and we will provide you with an opportunity to opt out);

To identify you, and respond to and process your requests for information and provide you with a product or service;

To amend records to remove personal information;

To use your information on an anonymised basis to monitor compliance with our equal opportunities policy, other FRG policies and any legal or compliance requirements;

To use your information on an anonymised basis to create marketing materials such as a salary survey; and

To carry out our obligations arising from any contracts entered into between you and us, and for other everyday business purposes that involve use of Personal Data.

Actual or Prospective Candidates

To help find you or your company a job;

To contact you (permanent hire candidates), your employer or your company (contract candidates) about jobs that FRG is filling or may fill for FRG clients;

To provide you or your company with information about the job market;

To communicate with you (permanent hire candidates), your employer or your company (contract candidates) after you or it has started a job to make sure all is going well or to remedy, or attempt to remedy, any problems;

To collect any money due, or allegedly due, to FRG or any FRG client (or FRG’s client’s client);

To obtain or inquire about any property (including computers and confidential business information) owned, or allegedly owned, by FRG or any FRG client (or FRG’s client’s client);

To establish, exercise or defend any legal claims; and

To assist you (permanent hire candidates), your employer or your company (contract candidates) if you are dissatisfied or dislike the job, or any aspect of it.

Individuals who work for FRG clients (i.e. a “client contact”)

To fill an open vacancy at your company or employer;

To contact you about candidates for jobs with whom FRG has a relationship;

To provide you with information about the job market;

To communicate with you after your company or employer has hired/retained an FRG candidate to make sure all is going well and to remedy, or attempt to remedy, any problems;

To negotiate and fulfill any aspect of your company’s or employer’s contract with FRG;

To answer any questions you have about a job or a candidate or your company’s or employer’s contract with FRG;

To resolve any issue with the issuance, payment, collection or enforcement of an FRG invoice;

To collect any property owned by FRG or any FRG candidate;

To establish, exercise or defend any legal claims.

VI. Who do we send your Personal Data to?

All users of the Websites and/or our services

To third parties where we have retained them to provide services that we or you have requested or that FRG clients have requested including references, qualifications and background reference checking services and to verify the details you have provided from third party sources.

To third parties to provide data storage, CV/resume parsing, data cleansing and marketing (via email & SMS, standard SMS and text rates may apply) services to FRG where such third parties have agreed to maintain the confidentiality of, and to protect, your Personal Data in accordance with applicable law.

To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, in connection with legal proceedings or other similar cause or circumstance.

To FRG affiliates, whose locations can be found at https://www.frankgroup.com/contact in order that they may process your Personal Data in accordance with this Privacy Notice.

In the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets, or a controlling interest in the equity, of FRG (or any of its group companies) provided that such counterparty(ies) to any such transaction agrees to adhere to the terms of this Privacy Notice (or a similar document) and applicable law.

Actual or Prospective Candidates

To FRG clients in order for them to determine if you (permanent hire candidate) or your company or employer (contract candidate) are or may be qualified to fill a vacancy.

Individuals who work for FRG clients (i.e. a client contact)

To candidates in the course of providing your company or employer with recruiting services and to further the recruitment process.

To third parties where we have retained them to provide services that you have requested including candidate skill tests and other testing.

VII. What will FRG do if my Personal Data is breached?

FRG has put in place reasonable technical, administrative and physical safeguards intended to prevent a breach of your Personal Data. That being said, FRG cannot guarantee that your Personal Data will not be breached.

A breach can take many forms, including, without limitation, the loss of your Personal Data or the unauthorized access to, disclosure, modification, copying and transfer of your Personal Data.

Once FRG becomes aware of the breach, FRG will take reasonable steps to isolate the breach, stop the breach, determine the root cause, determine the Personal Data breached, fix the root cause and determine if notice to you and/or the appropriate government agency(ies) is required. FRG will comply with all applicable law in reacting to, and dealing with, a breach of Personal Data.

If you believe, for any reason, that your Personal Data has been breached while in FRG’s care, custody or control, please email FRG immediately at privacy@frankgroup.com.

VIII. Will my Personal Data be transferred to another country?

Yes, FRG may transfer your Personal Data to the categories of third parties described in this Privacy Notice, some of whom are located outside of the country in which you provided your Personal Data to FRG or the country of collection.

If so, FRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. The countries where FRG may transfer your Personal Data will have varying levels of data security practices and laws, some of which may be less stringent or protective than your country. FRG will use all reasonable efforts to require that any of its suppliers and vendors who receive your Personal Data are contractually bound to (a) keep your Personal Data confidential and (b) take, at a minimum, reasonable efforts to maintain the privacy and security of your Personal Data.

Under certain circumstances, FRG may share your Personal Data with one or more of its group companies who may be located in a country other than yours or other than the country in which FRG collected your Personal Data. In such cases, FRG will comply with applicable laws and its Intercompany Data Processing Agreements (“DPAs”). The DPAs are incorporated by reference into this Privacy Notice.

IX. How long will FRG store my Personal Data for?

We are required by applicable law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations. This period of time will vary based on the law in your country and in the country where FRG stores your Personal Data.

In addition, FRG will keep your Personal Data for the identified purposes until it reasonably believes that it no longer needs it, that there is no reasonable chance that you, your employer or your company will do business with FRG, and there is no reason to believe that we will need the Personal Data for any special circumstances such as the issuance or defence of legal proceedings, audit, investigation or collections.

X. Sending FRG Personal Data over the internet

Your Personal Data is held on servers hosted by us, our internet services providers or third party vendors with whom FRG has a contract. The transmission of information via the internet is not completely secure. Although we will take the efforts set forth in the Privacy Notice to protect your Personal Data, we cannot guarantee the security of any data transmitted through or to our Websites. Any transmission of data by you to us over the internet is at your own risk.

XI. How we collect and aggregate information about visitors to our Websites

We also collect information about the way job seekers and visitors use the Websites in order to improve our services, to understand our users better, and to determine aggregate trends, most popular pages, etc. By using the Websites, you agree that we may share de-identified aggregate data with selected third parties to assist with these purposes. We may also undertake marketing profiling to help us identify candidates, clients, or jobs which may be of interest to you. We may process Personal Data that you submit to us through the Websites under one or more of the permissible bases for processing Personal Data set forth in the Privacy Notice.

XII. Technology and Tools

Like many companies, we use technology and tools that tell us when a computer or device has visited or accessed our content. Those tools include services from search engines and other companies that help us to tailor our products and services to better suit our customers and potential customers. Search engines provide facilities to allow you to indicate your preferences in relation to the use of those tools in connection with computers and other devices controlled or used by you.

We also set out further information below about Cookies and Web Beacons.

A. What are cookies?

A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options to you based upon the stored information about your last visit. You can normally alter the settings of your browser to prevent acceptance of cookies.
Cookies are used are many, many websites, including FRG’s Websites.

B. How do we use cookies and plug-ins?

We use “cookies” and plug ins to: (1) make the Websites function properly and as a user would normally expect of a commercial website, (2) monitor Website user traffic patterns and Website usage.; and (3) help us to advertise to you jobs we think you, your company or your employer will be interested in. Our use of these tools helps us to understand how our users use our Websites so that we can develop and improve the design, layout and functionality of the Websites and to provide more efficient and relevant services to you.

C. There are different kinds of cookies with different functions.

The cookies we use are explained below:

1. Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.

2. Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.

3. Strictly necessary cookies
These cookies are essential to enable you to use the Websites effectively and therefore cannot be turned off. Without these cookies, the services available to you on our Websites cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

4. Performance cookies
These cookies enable us to monitor and improve the performance of our Websites. For example they allow us to count visits, identify traffic sources and see which parts of the Websites are most popular. These cookies do not collect information that identifies a visitor, as all information these cookies collect is anonymous and is only used to improve how our Websites work.

5. Functionality cookies
These cookies allow our Websites to remember choices you make (such as your user name, language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other pages of our Websites that you can customise. They may also be used to provide services you have requested such as viewing a video or commenting on a blog.

6. Personalisation cookies

The FRG Websites use personalisation cookies to help us to advertise jobs that we think may be of interest to you. These cookies are persistent and mean that when you log in, or return to, the particular FRG Website, you may see advertising for jobs that are similar to jobs that you have previously browsed.

For information on how to reject these personalisation cookies, see Section E below.

D. Cookies and Plug-ins set by FRG or Third Parties used by FRG

Below is a list of the principal cookies that you may encounter on our Websites and the purpose for which we use each one and the duration that the cookie remains in place (unless you take action to reject the cookie). FRG may update this list from time to time. Most of the cookies on our Websites are set by third parties. FRG works with several third parties to provide services which help us to keep the Websites tailored to your needs. Some of these vendors use cookies to help them deliver these services. For these cookies, which we do not and cannot control, we have included a link where you can learn more about the particular cookie.

Please note that we use some plug-ins on the Websites that do not collect or give us your PII. For security reasons, we have omitted those plug-ins from the chart below.

If you don’t wish to receive cookies that are not strictly necessary to perform basic features of our Websites, you may choose to opt out of them by selecting the appropriate box on the top right hand side of this page.

Note that most web browsers will accept cookies, but if you would rather that we did not collect data in this way you can choose to accept or reject some or all cookies in your browser’s privacy settings. Rejecting all cookies means that certain features of the Website(s) cannot then be provided to you and accordingly you may not be able to take full advantage of all our Websites’ features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.

For more information generally on cookies, including how to disable them, please refer to aboutcookies.org (http://www.allaboutcookies.org/). You will also find details on how to delete cookies from your computer.

F. Web Beacons

FRG may use or include web beacons in emails or other electronic communications that FRG sends to you. We use web beacons to help us analyze the effectiveness of our communications to you. For example, we may use web beacons to understand when and if you opened our email, how many times you opened the email, if you have forwarded the email to another email address, or if you clicked on a link in an email that we sent to you. The web beacons do not collect or give us your PII but they do provide information to us about your actions after receiving a communication from us. If you would like to stop receiving emails with web beacons from us, you may unsubscribe by clicking the “Unsubscribe” link in the email. However, you may receive auto generated emails from FRG after you create an account on the Websites or take some other affirmative action on the Websites which contain web beacons but do not contain an “Unsubscribe” link. In those cases, just simply email privacy@frankgroup.com if you would like to stop receiving emails from FRG with web beacons.

Also, FRG works with third parties to help manage online advertising who imbed web beacons in online job postings and job advertisements that FRG requests these third parties to post online. One such third party that we use is Broadbean. These web beacons allow Broadbean to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by a third party that Broadbean uses such as Google Analytics. These files enable Google Analytics to recognize a unique cookie on your web browser, which in turn enables Broadbean to learn which advertisements bring users to our Websites or websites on which Broadbean placed our advertisements. The cookie on your web browser was placed by Broadbean, or by another advertiser who works with Google Analytics. With both cookies and web beacon technology, the information that Google Analytics (either directly, see cookie/plug-in chart above) or Broadbean collects and shares with us is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address. For more information about Google Analytics, including information about how to opt out of these technologies, go to www.google-analytics.com. For more information about web beacons and cookies placed by Broadbean, please click https://www.broadbean.com/uk/privacy-policy/.

XIII. Links to other websites

Please note that clicking on links and banner advertisements and RSS (Rich Site Summary) feeds may result in your transfer to another website, where data privacy practices may be different than described in this Privacy Notice. It is your responsibility to check other website privacy notices and policies to ensure that you are happy for your personal information, including Personal Data, to be used in accordance with those third parties’ privacy notices and policies. We accept no responsibility for, and have no control over, third party websites, links, adverts or RSS feeds or information that is submitted to or collected by third parties.

XIV. Changes to our Privacy Notice

Any changes to this Privacy Notice or any of its addendums will be posted on this Website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We encourage you to check this Website frequently for updates. Your continued use of this Website or any FRG services shall constitute your acceptance of the revised Privacy Notice.

FRG will interpret and enforce this Privacy Notice in accordance with all applicable law.

In order to process your Personal Data lawfully FRG must have a legal basis to do so. FRG relies on three main legal basis for processing your Personal Data:

1) where we obtain your affirmative consent to use your Personal Data in this way;

2) where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable; or

3) where our handling of your Personal Data is necessary for us to perform the obligations under your company’s or employer’s contract with FRG (inapplicable to candidates for permanent hire).

We may rely on one or more legal bases to process your Personal Data.

All users of the Websites and/or our services

Legitimate Interests: FRG uses Personal Data that we collect for the following general purposes in the performance of our legitimate interests as a business: to provide the services to our candidates and clients; to enhance their experience, to improve our services and to contact candidates and clients.

Actual or Prospective Candidates

Consent: If you, whether on your own behalf (permanent hire candidate) or on behalf of your company or your employer (contract hire candidate), would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to FRG processing your Personal Data for this purpose. FRG may also ask you via email or telephone for your affirmative consent to receive marketing and other communications from us..

Legitimate interest: FRG has a legitimate interest in processing your Personal Data in order to fill a job, to provide you (permanent hire candidate) or your company or your employer (contract hire candidate) with other products and services to help you in your career and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. FRG also has legitimate interest to process your Personal Data if you apply for, or seek further information about, a job posted on one of the Websites or a job advertised by FRG on a job board, social media site or other forum.

Necessary for the performance of a contract: FRG can process your Personal Data in the performance of its contract with your company or employer.

Individuals who work for FRG clients (i.e. a client contact)

Consent: If you would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to FRG processing your Personal Data for this purpose. FRG may also ask you via email or telephone for your affirmative consent to receive marketing and other communications from us..

Legitimate Interest: FRG has a legitimate interest in processing your Personal Data in order to fill a vacancy at your company or employer, and provide you with other products and services relevant to your company or employer and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. FRG also has legitimate interest to process your Personal Data if you seek or obtain further information about FRG or an FRG candidate.

Necessary for the performance of a contract: FRG can process your Personal Data in the performance of its contract with your company or employer.

With respect to actual or prospective client contacts and candidates, if FRG obtains your Personal Data from someone other than you, FRG shall inform you of the identity and contact details of the person or entity from whom FRG obtained your Personal Data, whether FRG obtained your Personal Data from publicly available sources, the categories of Personal Data that FRG obtained and, if FRG is processing your Personal Data based on its legitimate interest (see Section III below), the nature of FRG’s legitimate interest. FRG shall provide you with the information listed in this paragraph by the earlier of (1) one month after FRG obtains your Personal Data or (2) if FRG uses your Personal Data to communicate with you, the first time that FRG communicates with you.

FRG shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, FRG shall take appropriate measures to protect your rights, freedoms and legitimate interests.

III. Your Special Rights under Data Protection Laws

Do I have a right to be erased (forgotten)?

Yes. You have the right to request that FRG deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to FRG at privacy@frankgroup.com.

Please note that your right to erasure is not absolute. FRG will remove your Personal Data when:

(1) the Personal Data is no longer necessary in relation to the purpose for which FRG originally collected and/or processed it;

(2) if FRG is processing your Personal Data on the basis of your consent and you withdraw consent;

(3) you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;

(4) the Personal Data was unlawfully processed; and

(5) the Personal Data must be erased to comply with a legal obligation.

FRG can refuse to comply with an erasure request in the following limited circumstances:

(a) to exercise FRG’s right of freedom of expression and information;

(b) to comply with a legal obligation or for the performance of a public interest task;

(c) for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or

(d) for the establishment, exercise or defence of legal claims.

If we remove your Personal Data per your request for erasure, then we will confirm this with you.

If we have disclosed any of your Personal Data to a third party and you submit an erasure request to us, then we will inform (1) you about the recipients and (2) any such third parties of your erasure request unless doing so is impossible or involves disproportionate efforts.

We will respond to your erasure request without undue delay. Please note that, for your and FRG’s protection, we cannot respond to an erasure request until we have verified the identity of the person making the request. This verification process may extend the response timeframes set forth in this paragraph.

Do I have a right of access to a copy of my Personal Data?

Yes. You have the right to:

obtain confirmation that your Personal Data is being processed;

a copy of your Personal Data being processed;

the purposes of the processing;

the categories of personal data being processed;

the recipients or categories of recipients to whom FRG has disclosed your Personal Data; and

the criteria FRG uses to determine how long it will store your Personal Data.

This right is in place to ensure that you are aware of and can verify the lawfulness of the processing. In most cases, we will provide you with a copy of your Personal Data free of charge. However, we may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive. With respect to unfounded, excessive or repetitive requests, in rare cases, FRG may refuse to respond to your request but will explain the reason(s) for its refusal to you without undue delay and within one month of its receipt of your request. If FRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If you submit your access request to FRG electronically, FRG will provide you with its response, and a copy of your Personal Data (if applicable) via email or other commonly used electronic form.

If FRG did not collect your Personal Data from you, FRG will inform you about the source from which it obtained your Personal Data. Your right of access does not adversely affect your right of erasure (forgotten) and right of rectification, both of which are described in this Privacy Notice.

Generally, FRG will provide you with a copy of your Personal Data without undue delay and within one month of its receipt of your request, provided that FRG may extend this time period for up to two additional months if your request is complex or numerous. If FRG exercises this extension of time, FRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. If your request is large or complex, FRG may ask you to specify the particular information or category of information you seek.

Please note that, for your and FRG’s protection, FRG cannot respond to an access request until it verifies the identity of the person making the request for your Personal Data. This verification process may extend the response timeframes set forth in the paragraph above.

Do I have a right to object to the processing of my Personal Data, including the processing of my Personal Data by FRG for direct marketing?

Yes, you have a right to object to the processing of your Personal Data where:

If FRG receives an objection request from you for reasons unrelated to direct marketing, FRG will stop processing your Personal Data unless we can show compelling legitimate ground(s) for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of any legal claims.

If FRG receives an objection request from you for reasons related to direct marketing, we will stop processing your Personal Data.

If you receive a direct marketing communication from FRG and you do not wish to receive future direct marketing communications from FRG, you may request to unsubscribe from future marketing communications by sending FRG an email at privacy@frankgroup.com In addition, if the direct marketing communication you received was via email, you can click the “Unsubscribe” link at the bottom of the email, fill out the required form and FRG will process your unsubscribe request. Please allow up to ten (10) business days for your unsubscribe request to take effect.

Do I have a right to restrict processing of my Personal Data?

Yes, you have a right to restrict, the processing of your Personal Data. You can exercise this right, free of charge, by sending an email to FRG at privacy@frankgroup.com. When you exercise this right, FRG may continue to store your Personal Data but cannot further process it. FRG will cease processing your Personal Data in the following circumstances:

(1) when you file a rectification request with FRG (see the “Do I have a right to have any inaccurate or incomplete Personal Data rectified?” section below) in accordance with this Privacy Notice and applicable law. The restriction shall remain in place until such time as FRG has verified the accuracy of the Personal Data that is the subject of your rectification request;

(2) where FRG is processing your Personal Data based on its legitimate interest and you file a notice with FRG objecting to the processing of your Personal Data (see the “Do I have a right to object to the processing of my Personal Data?” section above) in accordance with this Privacy Notice and applicable law, FRG will cease processing your Personal Data until such time as FRG has made a determination as to whether its legitimate grounds for continued processing override your reasons for objecting to the processing;

(3) when the processing is unlawful and you do not seek or want erasure and you file a restriction request with FRG in accordance with this Privacy Notice and applicable law instead; and

(4) if FRG no longer needs the Personal Data and you require the data to establish, exercise or defend a legal claim.

While the processing of your Personal Data is restricted, FRG may continue to process such data by storing it, processing it with your consent or processing it for the establishment, exercise or defence of legal claims.

FRG will inform you if it decides to lift a restriction on processing.

If FRG has disclosed any of your Personal Data to a third party and you submit a request to restrict processing, FRG will inform (1) you about the recipients if you so request and (2) any such third parties of your restriction request unless doing so is impossible or involves disproportionate efforts.

FRG will act on your restriction request in accordance with this Privacy Notice without undue delay. Please note that, for your and FRG’s protection, FRG cannot act on a restriction request until it verifies the identity of the person making the request. This verification process may extend the timeframe in which FRG acts on your restriction request.

Do I have a right to Personal Data portability?

Yes. You can exercise this right, free of charge, by sending an email to FRG at privacy@frankgroup.com. This right exists to allow you to obtain and use your Personal Data for your own purposes across different services. Under this right, you can move, copy or transfer your Personal Data from FRG to another data controller.

This right applies where FRG is processing your Personal Data with your consent or for the performance of a contract. It also applies if we process your Personal Data by automated means. If your portability request concerns someone other than you, FRG will have to consider whether providing or porting the Personal Data would prejudice the other person’s or people’s rights.

Generally, FRG will respond to your portability request without undue delay and within one month of its receipt of your request, provided that FRG may extend this time period for up to two additional months if your request is complex or numerous. If FRG exercises this extension of time, FRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. Where technically feasible, you may request that FRG transmit your Personal Data to another data controller.

Do I have a right to object to decision been taken by automated means?

If FRG uses automated (i.e. non-human) methods to process your Personal Data to make decisions that could potentially have a damaging legal or similarly significant effect on you (each, an “Automated Decision”), you have the right not to be subject to the Automated Decision. This right is inapplicable to any Automated Decision made by FRG that is necessary for entering into or the performance of a contract between you and FRG, is authorized by law or is based on your explicit consent.

If FRG makes any Automated Decisions to which this right applies, FRG will ensure that you are able to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.

If FRG engages in “profiling” by automated means, FRG will ensure that appropriate safeguards are in place including (1) ensuring that the processing is fair and transparent by providing you with meaningful information about the logic involved and the significance and consequences of the outcome of the decision, (2) using appropriate mathematical or statistical procedures for the profiling, (3) implementing appropriate technical and organizational measures to enable inaccuracies to be corrected and minimize the risk of errors and (4) securing the Personal Data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.

Do I have a right to have any inaccurate or incomplete Personal Data rectified?

Generally, FRG will respond to your rectification request within one month of its receipt of your request, provided that FRG may extend this time period for up to two additional months if your request is complex. In rare cases, FRG may refuse to respond to your request but will explain the reason(s) for its refusal to you within one month of its receipt of your request. If FRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If FRG has disclosed any of your Personal Data to a third party and you submit a rectification request to FRG that FRG is going to honor, FRG will inform (1) you about the recipients and (2) any such third parties of your rectification request as well as any corrected Personal Data, unless doing so is impossible or involves disproportionate efforts.

We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.

IV. What are my rights if the Security of my Personal Data is breached?

A breach of Personal Data (a “Breach”) means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data for which we are responsible under applicable law.

If the Breach is likely to have a significant detrimental effect on your rights and freedoms (such as resulting in discrimination, damage to reputation or financial loss), FRG will notify the ICO without undue delay, and if feasible, within 72 hours of FRG’s becoming aware of the Breach. FRG will assess the determination of “significant detrimental effect” on a case by case basis.

If the Breach is likely to result in a “high risk” to your rights and freedoms, FRG will notify you without undue delay. To be clear, the threshold requiring FRG to notify you of a Breach is higher than the threshold requiring FRG to notify the ICO of a Breach so it is possible that FRG will notify the ICO of a Breach but not you. FRG will assess the determination of “high risk” on a case by case basis.

Any Breach notice issued by FRG will contain, where possible, (1) the categories and approximate number of individuals and Personal Data records effected by the Breach, (2) the name and contact details of the ISM (or other FRG contact representative if FRG does not have a ISM at the time that FRG issues the Breach notice), (3) a description of the likely consequences of the Breach, (4) a description of the measures that FRG has taken, and may take, to stop the Breach and, where appropriate, to mitigate the adverse effects of the Breach and (5) recommendations on actions you can take to protect yourself in light of the Breach.

V. Will my Personal Data be transferred outside the EEA/UK?

FRG may transfer your Personal Data to third parties described in this Privacy Notice who are located outside of the EEA/UK. If so, FRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. Some of the countries outside the EEA/UK where your Personal Data may be transferred will be on the EU Commission’s list of countries that it has deemed to have adequate security controls in place. If FRG transfers your Personal Data to a country not on this list, we will require the recipient to agree to the EU Commission’s model clauses for data protection or other adequate safeguards.

Under certain circumstances, FRG may share your personal data with one or more of its group companies who may be located in another country, including outside of the EEA/UK In such cases, FRG will comply with its DPAs. The DPAs are incorporated by reference into this Addendum.

VI. How long will FRG store my Personal Data for?

We are required by law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations.

With respect to GDPR (and similar laws), we will store and process your Personal Data that we obtain via (i) your consent until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) you inform us that you have withdrawn your consent, (ii) our legitimate interest until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) FRG concludes that your rights and freedoms outweigh our right to process your Personal Data and (iii) our necessity for the performance of a contract, until the termination or expiration of the contract including the termination or expiration of FRG’s and your employer’s or company’s duties or obligations that survive any such termination or expiration.

Furthermore, we will store your Personal Data in special circumstances related to the issuance or defence of legal proceedings, outstanding invoices or in connection with any investigation by or of a government authority.

What Protections do I have if FRG transfers my Personal Data to the U.S.?

In short, you have the protections of the Privacy Shield Framework. Frank Recruitment Group Inc., a Delaware corporation, is FRG’s primary affiliate and operating company in the United State (“FRG US”). FRG US complies with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce with respect to Personal Data that is transferred from the EEA and Switzerland to the United States. FRG US has certified its participation in the Privacy Shield Frameworks to the Department of Commerce. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view FRG US’s certification, please visit https://www.privacyshield.gov/ and https://www.privacyshield.gov/list. This Privacy Notice only applies to Personal Data within the scope of the FRG US’s Privacy Shield certifications.

FRG US’s Privacy Shield certifications cover Personal Data regarding:

(1) current, former, and prospective employees in connection with the employment relationship which is covered by a separate, employee only, Privacy Notice that has been made available to FRG employees;

(2) Personal Data regarding client contacts and candidates (temp and perm), such as the sale and delivery of recruitment services and the administration of the client and candidate relationship; and

(3) Personal Data regarding third parties (such as service providers and independent contractors) and their personnel and employees, in connection with recruitment services and the provision and performance of technical professional services to client and, where applicable, their end customers and the management and administration of the business relationships with such third parties.

Our certifications do not cover any disclosure of an individual’s Personal Data to a third party who processes the Personal Data for its own purposes when the disclosure is made at the request of the individual.

FRG US discloses Personal Data to third party service providers in connection with the operation of its business, including our provision of services to clients and candidates. FRG US ascertains that these third party service providers provide at least the same level of privacy protection as is required by the Privacy Shield Principles. FRG US may be liable if both (a) third parties fail to meet these obligations and (b) FRG US is responsible for the event giving rise to the damage.

FRG US is subject to the investigatory and enforcement powers of the United States Federal Trade Commission. FRG US may be required to disclose Personal Data to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.

Any questions or complaints concerning FRG US’s Privacy Shield compliance, or requests to access, correct, amend, delete, or limit the use or disclosure of Personal Data (opt out) may be directed to privacy@frankgroup.com. If FRG US has not been able to satisfactorily resolve the issue, then you may raise it with (1) your data protection authority (see paragraph immediately below) or (2) the International Centre for Dispute Resolution/American Arbitration Association (“ICDR/AAA“) for non-HR related recourse, which can be contacted at http://go.adr.org/privacyshield.html. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the Privacy Shield Panel. To find out more about individual binding arbitration, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

EU/EEA residents. Should your complaint relate to FRG US’s failure to comply with its Privacy Shield commitments and remains unresolved and you reside in the EU/EEA, then you should contact the EU Data Protection Authorities (the “DPAs”) who act as an independent recourse mechanism to settle all such disputes. Such complaints can be directed either to the EU DPAs panel secretariat or individual EU DPAs.

Swiss residents. Should your complaint relate to FRG US’s failing to comply with our Privacy Shield commitments and remains unresolved and you reside in Switzerland, then you should contact the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland with whom FRG US has agreed to cooperate regarding such disputes.

Under the EU-U.S. Privacy Shield, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the panel established by DPAs, (2) an alternative dispute resolution provider based in the EU, or (3) an alternative dispute resolution provider based in the United States.

Also, under the Swiss-U.S. Privacy Shield, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the Commissioner of the FDPIC, (2) an alternative dispute resolution provider based in Switzerland, or (3) an alternative dispute resolution provider based in the United States.

SINGAPORE ADDENDUM

FRG’s Data Protection Officer is Robert Knight. You can email the Data Protection Officer at privacy@frankgroup.com.

UNITED STATES OF AMERICA ADDENDUM

If you would like a copy of FRG’s US comprehensive information security program, please email FRG’s CPO at privacy@frankgroup.com.

If FRG receives a “Do Not Track” signal or request from a web browser, FRG will not honor such request or signal. FRG has taken this position in part to provide you with a personalized and efficient experience on the Websites.

As discussed in this Privacy Notice, there are third parties who conduct tracking on the Websites.

Information about web beacons used by FRG and third parties with whom it contracts can be found in Section XII.F of the Privacy Notice above.

For users accessing the Websites or using our services in Australia, we comply with Australian privacy requirements including the Privacy Act 1988 (Cth) and Australian Privacy Principles, the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and any applicable state/territory privacy laws or industry codes.

We will deal with your Personal Data (which has the same meaning as “Personal Information” under the Privacy Act 1988 (Cth)) in accordance with those laws, namely any information from which your identity is apparent or can be reasonably ascertained.

Residents of Australia accessing and using the Websites or services are notified that:

a) your Personal Data will be held and processed overseas including in the United States, United Kingdom, Berlin, Germany or Singapore where our offices are located and other countries in which we may open offices in the future. We may also disclose your personal information to others, like our consultants, agents, contractors and service providers, and those that act as data processors, auditors or external advisers, and may be held and processed in other countries including without limitation those listed at the beginning of this subsection “a”;

b) If we use your Personal Data to contact you and you would prefer us not to, or if you indicate a preference for a method of communication, please let us know and we will do our best to respect your preference. When your choice is to continue to deal with us, we take it that you agree to and consent to us using your Personal Information in these ways, providing we follow the system and approach we explain in this Privacy Notice and comply with the applicable law. Where we do not have your Personal Information, we are not able to contact you, process your requests or provide our services to you; and

c) the governing law for the purposes of the Terms of Use and Privacy Notice, and any matters relating to them, including all disputes, will be governed by the laws of New South Wales, Australia. You unconditionally submit to the non-exclusive jurisdiction of the courts having jurisdiction there.

You may wish to contact us to request access to your Personal Information, to seek to correct it or to make a complaint about privacy. Our contact details are set out below:

We will respond to your request for access to Personal Information we hold about you as soon as we reasonably can, including if we are unable to provide you with access (such as when we no longer hold the information).

We do not impose any charge for a request for access, but we may charge you a reasonable fee for our costs associated with providing you with access and retrieval costs.

For complaints about privacy, we will establish in consultation with you a reasonable process, including timeframes, for seeking to resolve your complaint.

[1] The “Purposes” listed in this chart are brief summaries and not intended to explain all or every reason why FRG uses the particular cookie or plug in. If you have any questions about the cookie table, please click the link to the cookie creator’s website and/or email FRG at privacy@frankgroup.com.